Hi Team,
Just following up on the report I shared recently. I'm glad to help improve
your platform’s security and hope it proves useful.
If there’s a reward program or recognition path in place, I’d love to be
considered — it goes a long way in supporting independent researchers like
myself.
Looking forward to your response.
Best Regards

On Mon, Jun 30, 2025 at 4:02 PM WhiteHat Warden <[email protected]>
wrote:

> Hi Team,
> I wanted to follow up on the vulnerability I submitted. I took care to
> follow responsible disclosure practices and ensure the report was clear and
> actionable.
> If your team offers any form of reward or appreciation for valid reports,
> I’d be grateful to be considered. These gestures really encourage continued
> ethical research and collaboration.
> Thanks again for your time.
> Best Regards.
>
> On Thu, Jun 26, 2025 at 6:34 PM WhiteHat Warden <[email protected]>
> wrote:
>
>> *Severity:* Medium
>> *Bug Name:* PHPInfo Exposure
>>
>> *Website:* https://daid.eu
>> *Affected POC:* https://daid.eu/info.php
>>
>> *Description:*
>> Your publicly accessible PHPInfo page reveals detailed server and PHP
>> environment configurations including installed modules, environment
>> variables, and file paths. Attackers can leverage this data to craft
>> targeted exploits, increasing your risk exposure.
>>
>> *Impact:*
>>
>>    - Exposure of sensitive system and server information.
>>    - Enables attackers to tailor attacks specifically to your environment.
>>    - Potential stepping stone for further exploitation.
>>
>> *Suggested Fix:*
>>
>>    - Remove or restrict access to PHPInfo pages.
>>    - Implement authentication controls or IP restrictions where access is
>>      necessary.
>>    - Regularly review exposed information and harden server configurations.
>>
>> *White Hat Note:*
>> We disclose these findings to help secure your environment. Please update
>> us once mitigated to verify and acknowledge your security improvements.
>>
>
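
The first suggested fix in the quoted report (remove PHPInfo pages) starts with finding them on your own server. As an added example, not part of the original emails: a Python sketch that walks a document root and lists PHP files that call `phpinfo()`. The sample tree is constructed (only the name `info.php` comes from the report), and the comment stripping is a heuristic assumption.

```python
import re
import tempfile
from pathlib import Path

# A phpinfo( call; the lookbehind skips my_phpinfo(), $x->phpinfo(), X::phpinfo().
CALL = re.compile(r"(?<![\w>$:])phpinfo\s*\(", re.IGNORECASE)
# Heuristic comment stripping (assumption: string literals are not parsed, so a
# "//" inside a string also hides the rest of that line).
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
PHP_SUFFIXES = {".php", ".phtml", ".inc"}


def find_phpinfo_files(docroot):
    """Return sorted relative paths of PHP files under docroot that call phpinfo()."""
    root = Path(docroot)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        source = path.read_text(encoding="utf-8", errors="replace")
        if CALL.search(COMMENTS.sub("", source)):
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def build_sample_docroot(base):
    """Write a constructed sample tree; only info.php is a name from the report."""
    samples = {
        "info.php": "<?php phpinfo(); ?>",
        "index.php": "<?php // phpinfo(); removed\necho 'ok';",
        "admin/diag.PHP": "<?php\nPhpInfo(INFO_MODULES);",
        "lib/util.php": "<?php function my_phpinfo() { return 1; }",
        "notes.txt": "phpinfo() is mentioned here but this is not PHP",
    }
    for rel, body in samples.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")
    return Path(base)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel in find_phpinfo_files(build_sample_docroot(tmp)):
            print("phpinfo() call:", rel)
```

Each file it reports is a candidate for deletion, or for the authentication or IP restrictions the report suggests where the page is still needed.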
